package com.brook.springbootsrcurity.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author Brook
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //链式配置拦截策略
        http.csrf().disable() //关闭csrf跨域检查
                .authorizeRequests()
                .antMatchers("/mobile/**").hasAuthority("mobile") //配置资源权限
                .antMatchers("/salary/**").hasAuthority("salary")
                .antMatchers("/common/**").permitAll() //common下的请求直接通过
                .anyRequest().authenticated() //其他请求需要登陆
                //.and().rememberMe().userDetailsService() //记住账号密码
                .and() //配置自己的登录页面，而且由于sprigSecurity前后端不分离所以要配置loginProcessingUrl.formLogin().loginPage("/index.html").loginProcessingUrl("/login") //并行条件
                .formLogin()
                .defaultSuccessUrl("/main.html").failureUrl("/common/loginFailed");
    }

}

